February 28, 2009

Subsequent reactions suggest that some readers may not be fully familiar with the Ombudsman concept, at least in the way that I use the term.

An Ombudsman is not the same thing as "customer support" per se. I am not advocating a vast new Google customer service apparatus for users of their free services. Ombudsmen (Ombudswomen? Let's skip the politically correct linguistics for now ...) aren't who you go to when search results are slow or you can't log in to Gmail for two hours. These sorts of generally purely technical issues are the vast majority of the time suitable for handling within the normal context of existing online reporting forms and the like. (I inadvertently may have caused some confusion on this point by introducing my previous piece with a mention of Gmail problems -- but that was only meant in the sense that those problems triggered broader discussions, not a specific example of an issue appropriate for escalation to an Ombudsman.)

But there's a whole different class of largely non-technical (or more accurately, mixed-modality) issues where Google users appear to routinely feel frustrated and impotent to deal with what they feel are very disturbing situations.

Many of these relate to perceived defamations, demeaning falsehoods, systemic attacks, and other similar concerns that some persons feel are present in various Google service data (search results, Google Groups postings, Google-hosted blog postings, YouTube, and so on).

By the time some of these people write to me, they're apparently in tears over the situations, wondering if they should spend their paltry savings on lawyers, and generally very distraught. Their biggest immediate complaints? They don't know who to contact at Google, or their attempts at contact via online forms and e-mail have yielded nothing but automatic replies (if that).

And herein resides the crux of the matter. I am a very public advocate of open information, and a strong opponent of censorship. I won't litter this posting with all of the relevant links. I have however expressed concerns about the tendency of false information to reside forever in search results without mechanisms for counterbalancing arguments to be seen. In 2007 I discussed this in Search Engine Dispute Notifications: Request For Comments and subsequent postings. This is an exceedingly complex topic, with no simple solutions.

In general, my experience has been that many or most of the concerns that people bring forth in these regards are, all aspects of the situation considered fairly, not necessarily suitable for the kinds of relief that the persons involved are seeking. That is, the level of harm claimed often seems insufficient, vs. free speech and the associated rights of other parties.

However, there are dramatic, and not terribly infrequent exceptions that appear significantly egregious and serious. And when these folks can't get a substantive reply from Google (and can't afford a lawyer to go after the parties who actually have posted or otherwise control the information that Google is indexing or hosting) these aggrieved persons tend to be up you-know-what creek.

If you have a DMCA concern, Google will normally react to it promptly. But when the DMCA is not involved, trying to get a real response from Google about the sorts of potentially serious concerns discussed above -- unless you have contacts that most people don't have -- can often seem impossible.

Google generally takes the position -- a position that I basically support -- that since they don't create most content, the responsibility for the content is with the actual creator, the hosting Web sites, and so on. But Google makes their living by providing global access to those materials, and cannot be reasonably viewed as being wholly separated from associated impacts and concerns.

At the very least, even if requests for deletions, alterations, or other relief are unconvincing or rejected for any number of quite valid reasons, the persons who bring forth these concerns should not be effectively ignored. They deserve to at least get a substantive response, some sort of hearing, more than a form-letter automated reply about why their particular plea is being rejected. This principle remains true irrespective of the ultimate merits or disposition of the particular case.

And this is where the role of a Google Ombudsman could be so important -- not only in terms of appropriately responding to these sorts of cases, but also to help head off the possibility of blowback via draconian regulatory or legislative actions that might cut deeply into Google's (and their competitors) business models -- a nightmare scenario that I for one don't want to see occur.

But I do fear that unless Google moves assertively toward providing better communications channels with their users for significant issues -- beyond form responses and postings in the official Google blogs, there are forces that would just love to see Google seriously damaged who will find ways to leverage these sorts of issues toward that end -- evidence of this sort of positioning by some well-heeled Google haters is already visible.

Ombudsmen are all about communication. For any large firm that is constantly dealing with the public, especially one operating on the scope of Google, it's almost impossible to have too much communication when it comes to important problems and related issues. On the other hand, too little communications, or the sense that concerned persons are being ignored, can be a penny-wise but pound-foolish course with negative consequences that could have been -- even if not easily avoided-- at least avoided with a degree of serious effort.

February 27, 2009

Greetings. There's been a lot of buzz around the Net recently about Google Gmail outages, and this has brought back to the surface a longstanding concern about the public's ability (or lack thereof) to communicate effectively with Google itself about problems and issues with Google services.

I'll note right here that Google usually does provide a high level of customer support for users of their paid services. And I would assert that there's nothing wrong with Google providing differing support levels to paying customers vs. users of their many free services.

But without a doubt, far and away, the biggest Google-related issue that people bring to me is a perceived inability to effectively communicate with Google when they have problems with free Google services -- which people do now depend on in many ways, of course. These problems can range from minor to quite serious, sometimes with significant ongoing impacts, and the usual complaint is that they get no response from submissions to reporting forms or e-mailed concerns.

On numerous occasions, when people bring particular Google problems to my attention, I have passed along (when I deemed it appropriate) some of these specific problems to my own contacts at Google, and they've always been dealt with promptly from that point forward. But this procedure can't help everyone with such Google-related issues, of course.

I have long advocated (both privately to Google and publicly) that Google establish some sort of public Ombudsman (likely a relatively small team) devoted specifically to help interface with the public regarding user problems -- a role that requires a skillful combination of technical ability, public relations, and "triage" skills. Most large firms that interact continually with the public have teams of this sort in one form or another, often under the label "Ombudsman" (or sometimes "Office of the President").

The unofficial response I've gotten from Google regarding this concept has been an expression of understanding but a definite concern about how such an effort would scale given Google's user base.

I would never claim that doing this properly is a trivial task -- far from it. But given both the horizontal and vertical scope of Google services, and the extent to which vast numbers of persons now depend on these services in their everyday personal and business lives, I would again urge Google to consider moving forward along these lines.

February 26, 2009

Fair Warning: If you're a "oh, it's only a cat, who cares?" type of person, feel free to move on to some other blog item now.

I do my best to keep my personal life off the Net. I'm of a generation that by and large doesn't feel the same need to splatter the details of our mundane lives around for all to see Facebook-style.

But regular readers may know a couple of personal items about me -- that I ride an old Harley chopper, and that I care very deeply about animals. If there's one thing that will set me off like mercury fulminate it's abuse of animals, whether purposeful or through unforgivable ignorance.

So you can imagine my reaction when I got a call this afternoon from an old friend -- someone I've known since my UCLA days -- that his cat had died.

All animals die. But the circumstances of this death infuriated me. The cat's owner has a PhD in a hard science from UCLA from decades ago -- so one would assume that he's not a total idiot. He's made his living for many years by buying and selling collectables, mostly on eBay these days.

For months he's been planning his move from L.A. to Las Vegas, where he apparently plans to spend the rest of his life eating at casino buffets and playing poker. Today was the official moving day. His cat didn't survive the trip.

This wasn't a young cat, but she was in pretty good shape overall. I was responsible for getting my friend to adopt her years ago from an abusive home. The drive from L.A. to Vegas isn't fun, but it's not like a cross-country trek either.

There's generally no reason for a cat like this not to survive the drive -- unless you're being driven by someone whose priorities are so incredibly screwed up that they put an animal that they supposedly care about at unnecessary risk.

In this case, I've learned that the cat was packed in a cage in the back seat of the car, where it couldn't even be checked more than once midway, hours into the trip, to see if it was in any distress. This was criminal negligence. I don't even take any of my animals to the vet without making sure that I can see them the whole time to make sure they're OK -- even on a trip that lasts only a few minutes.

And the moron with a PhD didn't give the cat any water for the drive. Not one drop. "Gee, I didn't know it needed water on the trip!" I was told when I inquired.

By the time they arrived at Vegas, and finally in position for a check, the cat was dead.

It wasn't my cat -- but I feel partly responsible since I found the cat that home. I was and am livid about this. Like I said, all animals die, ourselves included, but this death was needless negligence of the worst sort.

My now ex-friend insisted that the death wasn't his fault -- "I guess her heart just gave out."

"No," I replied, "You killed her through neglect -- just as effectively as if you had choked the life out of her little neck with your bare hands." I said this to hurt. I hope it did hurt. I don't want him to ever forget what he's done.

And ultimately that's the reason for this post -- the hope that it will remind people how fragile the lives of our animals can be, and how totally and utterly they depend on us not acting like irresponsible dolts.

Anyone who can't handle that shouldn't have animals. It's really that simple -- and that sad.

February 19, 2009

Greetings. I had to perform a WHOIS domain search a few minutes ago. Since it led to a dot-com address hosted at Network Solutions I didn't necessarily expect to find much of value. As you may recall, Network Solutions routinely claims all manner of rights and restrictions over WHOIS use. They also constantly are pushing private registrations in a manner that morphed from a legitimate service for occasional use into a routine haven for spammers and phishers, and a risk to network stability.

But never mind all that for now. I accessed WHOIS through my local command line interface, since I just wanted whatever facts were available, not all the decorations. Imagine my surprise when I was greeted with what amounted to a "This Space Available For Rent!" promotion along with the listing.

I can't find the exact date that this got started, but I haven't heard anyone mention this before -- and the press release I dug up looks very new. Given the volume of WHOIS searches I do, I'm sure I would have noticed this earlier if it hadn't just gotten going.

Network Solutions has turned WHOIS into their own creepy version of the "Yellow Pages" directory. Here's what I actually found stuffed in the middle of current WHOIS listings:

------------------------------------------------------------------------
Promote your business to millions of viewers for only $1 a month
Learn how you can get an Enhanced Business Listing here for your domain name.
Learn more at http://www.NetworkSolutions.com/
------------------------------------------------------------------------

The actual Network Solutions Press Release makes it clear that NetSol now considers WHOIS to be a "value proposition" that they've transformed from its traditional role "which has no marketing value." Oh, by the way -- take a look at the actual URL for the press release -- see the funny characters in there? NetSol stuck a "registered trademark" character after their name in the URL! Isn't that just too cute? And the URL won't work if you remove the mark -- I just checked.

In fact, they're actually pushing both their ad service and private registrations at the same time -- suggesting that you can hide your administrative address from the public but still promote your business! I kid you not.

I won't belabor this here, except for one point, one question, and a thought.

First, the continuing pattern of WHOIS mutations is an utter perversion of what WHOIS is supposed to be, and is putting key information critical to the continued stable operation of the Internet, and protection of consumers, more and more out of reach.

And secondly -- I'd appreciate it if someone with a deeper understanding of the contractual relationships between NetSol (and other registrars for that matter),
ICANN, and the Department of Commerce would confirm for me that Network Solutions' deployment of this service is entirely within the bounds of legality. In fact, let's apply this test to all registrars and their handling of WHOIS, not just NetSol.

Finally, as a thought experiment, if NetSol's latest ploy is legal, what can we do to change that state of affairs or otherwise get WHOIS back onto the track of being an open and free, useful and accurate resource for the global Internet community -- not a cash cow being promoted as a cloak for the unscrupulous.

February 16, 2009

Greetings. I'm pleased to announce the availability of a new venue for discussion, reporting, analysis, information sharing, queries, and consumer assistance regarding Internet performance, transparency, and measurement, plus a wide range of topics associated with consumers and their interactions with Internet Service Providers (ISPs).

Called GCTIP Forums, this project -- The Global Coalition for Transparent Internet Performance -- is the outgrowth of a network measurement workshop meeting sponsored by Vint Cerf and Google at their headquarters in June, 2008 for a number of academic network measurement researchers and other related parties. This is the same meeting that formed the genesis of the open platform M-Lab (Measurement Lab) project that was recently announced.

GCTIP was the original name for the mailing list that I maintained for that Google meeting and subsequent discussions (full disclosure: I helped to organize the agenda for the meeting and also attended).

Unless we know what the performance of the Internet for any given users really is -- true bandwidth performance, traffic management, port blocking, server prohibitions, filtering, censorship, Terms of Service concerns, and a wide range of other parameters, it's impossible for anyone who uses Internet services to really know if they're getting what they're paying for, if their data is being handled appropriately in terms of privacy and security, and all manner of other crucial related issues.

The purpose of GCTIP Forums is to provide a free discussion environment to act as a clearinghouse for all stakeholders (technical, consumers, ISPs, government-related, etc.) to interact on the range of "network transparency" and associated topics. The focus is on collecting, analyzing, and disseminating reports relating to Internet measurement/test data -- plus associated concerns, discussions, etc., in manners that are most useful to the network community at large. There are many groups working in the network measurement area, but surprisingly little data sharing, coordination, or ongoing reporting in a form that is useful to most ordinary Internet consumers or other interested observers.

An area of particular concern is helping to assure that measurement tests and perceived consumer problems with their ISPs aren't misinterpreted by users resulting in unfair or simply wrong accusations against those ISPs. I feel strongly that consumers need a place to go with these sorts of issues where the broader community and experts can help interpret what's really going on. Guilty firms should be exposed, but the innocent must not be inappropriately branded.

All current GCTIP Forums topics can be viewed without signing up on the system. Simple registration is required to post new discussion threads and replies, but no non-administrative topics are currently pre-moderated (any reported materials confirmed to be inappropriate will be deleted promptly).

GCTIP Forums exist to enable the exchange of relevant ideas, queries, data, and other information for anyone concerned about the Internet worldwide.

The Forums are seeded with five top-level discussion topics to get things rolling, but suggestions for additional categories are welcome. New threads (e.g. discussions of particular measurement tools, measurement results, specific ISP issues and concerns, etc.) can be created by registered users, starting right now.

Please note that I am running GCTIP on my own dime at this point. At such a time as any outside support funding becomes available for the project (which would be very much appreciated!) it will be publicly announced of course.

Spread the word! This is your chance to help yourself and everyone else better understand what the Internet is really doing, and by extension, where it is going tomorrow.

February 11, 2009

Greetings. We've all heard about nasty items being sneaked into the federal economic stimulus package, now in final negotiations between the House and Senate. What you probably haven't heard is that Senator Feinstein of here in California (who usually has good ideas, but occasionally brings forth legislative aberrations) has apparently tried to slip a provision into the legislation that could open to the door to widespread monitoring of Internet traffic by ISPs.

The amendment, seemingly offered without any public debate, would require that the Broadband Technology Opportunities Program (that is, the broadband stimulus portion of the overall stimulus legislation) permit "reasonable network management practices such as deterring unlawful activity, including [c-porn] and copyright infringement."

The possibility exists that this amendment will find its way into the final wording of the stimulus package being worked on by the House/Senate conference committee, which could be finalized by the end of today.

You'll note that the term "monitoring" is not included in the very short wording of the amendment. But the term "network management" is a can of worms. If the amendment's sponsors had only wanted to assure that existing mechanisms for DMCA (and other) "take down" notices would be protected, they could have said this explicitly.

It was to be expected that c-porn would be the hook used as the first item to try justify Internet monitoring. But by then moving to copyright infringement and any other "unlawful activity," the camel's nose has come explicitly much farther under the tent toward the possibility of pervasive Internet monitoring.

Of course, we know that any such monitoring would likely find itself deeply embroiled in court battles, and readily available encryption foils such techniques as a matter of course.

But this amendment, as worded, appears to set a very dangerous precedent. Again, if its sponsors didn't intend to potentially open a Pandora's Box of Internet monitoring, the term "network management" shouldn't have been used in this manner.

As other observers have also alerted, this amendment should immediately be withdrawn from any consideration, and defeated in its current form.

February 05, 2009

Greetings. With Google's announcement of their new Latitude "friends tracking" location service for cell phones and other devices, Privacy International has once again taken the opportunity to shoot various misplaced barbs in Google's direction.

Without getting into all of the technical mumbo-jumbo here, I'll simply point out that while potential abuses of GPS devices (particularly when attached to or part of cell phones) are very real, attacking the sort of opt-in service represented by Latitude seems to be demonstrating an almost amusing lack of understanding relating to GPS/phone technology.

The reason why is simple in the extreme. While we can argue about data retention policies, and postulate complicated abuse scenarios, the real GPS risk to cell phone users isn't from openly promoted, commercial, opt-in services (of which Latitude is but one example).

Rather, the major danger is from purpose-built programs designed from the ground up for surreptitious tracking of individuals, unencumbered by such niceties as public disclosure, opt-in requirements, and privacy policies.

Give me an hour or so, and I could write a program to silently access many cell phones' GPS units at intervals and shoot the users' coordinates down the phones' data connections to never-never land, with the phones' owners likely unaware what was going on unless they were particularly attentive.

If you wanted to track someone's location without their knowledge, would you really want to get Google involved in the loop unnecessarily, using a publicly known application that could be easily stumbled upon by the user? Of course not!

This doesn't address the broader issue though. While attacking Google over Latitude is a ridiculous exercise, the fact that cell phone GPS units can potentially be abused in truly nasty ways by specialized, hidden software is a genuine concern.

But GPS capabilities are rapidly becoming the rule in cell phones, not the exception.

The legitimate benefits of GPS-type functions in cell phones are undeniable, and are even required to one extent or another in the U.S. by FCC E911 requirements. Cell phones without data capabilities are becoming few and far between, and even without a data connection, location data could be "secretly" transmitted via text messages (with significantly more probability of exposure).

There are a variety of technical and user interface approaches to help minimize the risks of "invisible" GPS tracking by any applications, and a public discussion about the pros and cons of cell phone GPS systems, and how they should best be managed and controlled, seems completely appropriate.

However, if we're going to have such a dialogue, it's important that we stay in focus and not waste time with inappropriate posturing whenever Google brings out a new product.

Google's Latitude is not the problem -- it's a well thought out, opt-in offering.

GPS itself, in a significant number of contexts, can indeed be abused in ways that can cause serious problems -- and yet GPS also can be an incredibly useful wonder in a range of extremely important or just plain fun legitimate applications.

When it comes to GPS and cell phones, let's keep our eyes on the ball, and not be distracted by irrelevant antics.

I recently stumbled into another similar example, and while this time the film is not nearly as obscure, it's free availability on the Web demonstrates again how the Net Changes Everything.

The movie in question is 1958's I Bury the Living, starring Have Gun -- Will Travel's Richard Boone, in a very different sort of role as cemetery chairman Robert Kraft -- a man with a serious problem.

To understand character Kraft's dilemma, you need to know that while Boone is billed as the ostensible star of this film, the real star is a large, creepy cemetery map filled with pins -- white pins for vacancies, black pins for "bodies in residence." When chairman Kraft accidentally discovers that using black pins instead of white ones appears to result in the death of the associated parties, his mental state deteriorates rapidly.

I originally saw Bury on late night TV when I was less than ten years old, and for decades afterward it vanished from view. But I sure remembered that map with its roads seemingly twisted into a sneering face, and I never forgot those pins. As Kraft's condition fades, we see the map subjectively as he does, looming ever brighter, larger, and more foreboding.

While the film was low budget, the cinematography is in places utterly brilliant. And if the movie's powerful score seems to trigger future echos of music somehow familiar, it's likely because you've heard composer Gerald Fried's work in everything from Star Trek (e.g., "Spock in Heat" Amok Time) to a wide variety of other television and film projects.

Some reviewers have expressed disappointment at the ending of I Bury the Living -- but I don't care. It's one of a kind, a must see, and given that it's only one click away, you have no excuse for not, uh, digging in.

I have only one question -- is this film really Public Domain as claimed? Oh well, I'll take The Internet Archive at their word on this, and we can again thank the spinning disks, blinking routers, smoldering CPUs, and other assorted instrumentalities of the Internet for another trip deep (six feet under deep!) down memory lane.

February 03, 2009

Greetings. A number of people have been asking me what I'm using as an e-mail client on the Google Android G1. My answer might surprise you (well, it might have if you hadn't already seen the title of this piece).

Since I run my own SSH/TLS-secured e-mail servers, I don't routinely need to use Gmail for the bulk of my correspondence, so the well-designed G1 Gmail application is only useful to me for a fraction of my total voluminous e-mail flow. The included G1 POP/IMAP mail application for non-Gmail is somewhat limited, and work on its "K9" development fork is in rather early stages. I've also found both of these e-mail clients to have some significant display limitations of importance to me, such as font-sizing restrictions and the like.

Fairly recently, I began using the text-based Mutt e-mail package as my primary Message User Agent (MUA) on my local Linux systems. I won't try to summarize its features here, other than to say that if you deal with lotsa mail, even in many different accounts on different systems, Mutt can make a tremendous difference in your productivity. I still use Thunderbird (or similar GUI-based apps) to view inline images and such in e-mail, but frankly most of the time I can move much more quickly with plain text and textual rendering of referenced page links.

Let me put it this way. In an unscientific test I ran of my typical e-mail handling under Thunderbird vs. Mutt -- including message indexes, sorting, searching, filing messages to appropriate folders (Mutt is fantastic at this), and so on, I found almost a fourfold speedup when using Mutt.

Part of the reason is that with Mutt I can do everything from the keyboard (without depending on third-party GUI plugins), and can plow through messages like a hot knife through butter. No need to keep switching between keyboard and mouse.

You probably know where I'm going with this by now. My next step was to find a way to run Mutt with the G1. To cut to the chase, I'm using a modified version of the excellent free Android ConnectBot SSH client. The version I've built plays sounds both for control-G and for loss of connection (I'll set up auto-reconnect soon myself if nobody else does it).

The rest is straightforward, though a bit of rather simple shell hacking is involved. With a single touch to the G1, a certificate-based SSH connection is established back to my servers, Mutt is started, and I have access to all of my mail in virtually exactly the same form that I access it on local machines. I've set the color scheme to be a little different, and adjusted some parameters to better deal with the smaller G1 display, but other than that, it's pretty much all the same.

The SSH client allows for easy resizing of fonts to any practical desired size -- and Mutt immediately adjusts its layout to compensate. I drop right into an Emacs-style editor for composing new messages -- font size changes are handled properly there too. No messages have to be downloaded to the phone per se -- they're all being read over the SSH connection (which my routines "ping" at intervals to avoid T-Mobile's five minute idle connection timeouts).

The client happily runs in the background behind other applications or when the phone is "sleeping" -- waking up as appropriate to notify of new mail. My next planned step is to define Mutt macros to allow for the most common mail handling functions to be performed using only the G1 trackball and one phone button, without opening the keyboard.

If I really need to see an image, I can use the other programs to access the messages of concern via secure IMAP, but I rarely need to do this from the G1.

I realize that this kind of setup won't be appropriate for everyone, especially since it requires a significant existing mail server and SSH infrastructure, and if your e-mail tends to be heavy on image attachments that could be an additional complication.

But if you're a Google Android G1 user, have the appropriate server facilities, and need to deal with very large volumes of e-mail in a secure manner, the Mutt/SSH solution may worth considering.

I'd be glad to answer any questions about this of course, and my modified version of the SSH client is available upon request.